On Thu, 12 Jul 2001, Roeland Meyer wrote:
From: up@3.am [mailto:up@3.am] Sent: Thursday, July 12, 2001 7:23 AM
I can't help but believe that if even 20% of them were caught and had to spend just a little time (even hours) with the cops, and had their peecees confiscated, you'd not be seeing nearly the problems we are now.
This is the main point, a script-kiddie hunt, with prosecution, is the ONLY real deterrent. Throw some of them in hotel greybar and remove them from computing, for life, and we may see some of this turn around.
I am just concerned about our current legal systems being able to handle such cases efficently. Well.. Perhaps I should not use 'legal systems' and 'efficently' in the same sentence, but you get the idea ;) Think SPAM here. It has been discussed in the past, and I have a few users who have been victims of SPAM-zombies (or the like). This is not too much different. I got abuse reports from several different sources about SPAM originating from a customer of ours who has been with us for four years so I questioned stuff. Turns out they had a similar zombie designed to SPAM. Their fault? No. Should I have placed filters on their IP? Yes. It was a choice to deny one person service till the problem was corrected for a short time, or to have the rest of the internet community suffer. Also- dealing with attackers from other countries (and taking them to court) can be a serious and costly issue.
If a lady wears skimpy clothing, does she deserve to get raped? Obviously, not. If a computer has skimpy protection, does it deserve to be turned into a zombie? Simply because you forget to lock your car one night (whilst in your driveway), do you deserve to have it stolen? If you leave a $100 on your kitchen table, in your unlocked house, whilst you are working in your garage, do I have the right to sneak in the back door and take it while avoiding prosecution, on the grounds that you were careless? WRT EFFnet, does a prostitute deserve to be raped?
Agreed. They do not deserve it. However, by the time their machine(s) are comprmised, the damage has been done.
There are certain reasonable presumptions, like safety, that our society affords us. Script kiddies violate those as do the slime-bags that argue for their good. How much of our budgets have gone to protecting ourselve from those rodents? How much revenue has been lost because of their activity? They are the rats of the Internet and bring disease with them whereever they go. Their population is growing to plague proportions and they are getting bolder. It's long past time to poison the lot of them, including their supporters.
I wish I had the $$ to take them all to court (even some of them in other countries).
Personally, I feel that the crud that writes and releases their code for them should be lobotomized. Regardless of their disclaimers, they are NOT doing a public good.
In a perfect world, we would not need hardened-steel-reenforced safes for our money and 128-bit SSL encryption to make online orders. All of our efforts and attempts to bring order to a chaotic society will be tested again and again by members of that society. So- while I agree with your intentions- staying ahead of the game is probably the most efficent way to 'win'. Hence BugTraq and the like. Sure- posting code to bugtraq which gives remote root access to 10% of DNS servers on the planet also puts that code in the hands of individuals who do not deserve it. However, and even better-yet, it puts it in the hands of those who need it most. --- Brad Baker Director: Network Operations American ISP brad@americanisp.net +1 303 984 5700 x12 http://www.americanisp.net/